Blurring the boundaries - Bring Your Own Cloud

Things change, but recent advances in technology coupled
with social changes are changing the work/life balance, and not in the way that
was once expected. Shorter days and more leisure time were a twentieth-century
dream for the twenty-first-century world of work, but the reality is somewhat
different.

At one time, information and communications technology
(ICT) for the working environment was only made accessible to a select few,
controlled by central diktat and superior to anything you were likely to see at
home. Now the complete opposite is true: consumerised IT not only extends the
working day into individuals' personal lives, but also gives them choices,
allowing them to bring their personal devices (BYOD) and activities - especially
social communications - into the main hours of the working day.

While this blurring may not be an issue, provided
employees do not push personal activity so far that it becomes a detriment to
their work, it does create other challenges.

One in particular is related to another change, but this
time instigated by the organisation. There is an increasing need to open up
business applications to communicate and share information with users outside
of the organisation. This includes outside the physical boundaries and the need
to share with employees on the move or working from home, but also outside the
corporate boundaries to contractors, third party suppliers, business customers
and even consumers. The reasons for this are to improve relationships with
customers, transact directly with them and to more tightly integrate the supply
chain.

Organisations are themselves also increasingly using
social media to do this as they feel that it will make it easier to identify,
communicate with and retain customers.

The problem then is how and what to share, and will it be
safe?

Up until recently the main method of sharing information
remotely with anyone external would either be physical media - CD, memory
stick, etc - especially for large volumes of data; or, more often for smaller
volumes, email. Most organisations are relatively confident they can secure
email sharing, and there are certainly many tools to support this and minimise
data leakage.

Physical media is trickier, and as mobile devices have
become increasingly prevalent, the physical device risk increases further.
The transfer might be by direct connection through USB, as with memory sticks
(although 'podslurping' was a term coined for downloading gigabytes to a
connected iPod), or over the air through a cellular or Wi-Fi connection.

The risks this brings through the potential loss or theft
of a device are well known and understood, with mobile device management (MDM)
protections often put in place to lock or wipe the device, and sometimes, though
not frequently enough, on-device encryption. There are also those who avoid
data residing on the device at all by using virtual connections that leave no
permanent data footprints.

However, a greater risk comes from user behaviours related
to the increasing use of social media - posting or sharing something 'out
there' on the internet. This might be as an update to 'friends' via a social
media site or a dedicated cloud storage provider.

Either way it is potentially out of sight from an
enterprise perspective, as employees will be using their own preferred tools to
create a Bring Your Own Cloud or Collaboration (BYOC) experience. If this
casual and informal usage translates into how official or formal information is
shared with third party businesses and consumers, the organisation is not in
control, making the demonstration of compliance virtually impossible and
increasing security risks.

It might be that enterprise IT has its own set of endorsed
tools for information sharing via cloud-based services, but the blurring of
boundaries in employee behaviour may make the use of these difficult to
enforce, especially if employees have been allowed or even encouraged to BYOD
in an uncontrolled manner. One way or another, lax behaviour may need to be
reined in, monitored or checked.